Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

install/src/controllers/summary.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
if( ! function_exists('f_owc')){
    /**
     * @param $path
     * @param $data
     * @param null|int $mode
     */
    function f_owc($path, $data, $mode = null){
The function f_owc() has been defined more than once; this definition is ignored, only the first definition in install/cli-install.php (L151-166) is considered.

This check looks for functions that have already been defined in other files.

Some codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the @ignore annotation.

/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}

See also the PhpDoc documentation for @ignore.

        try {
            // make an attempt to create the file
            $hnd = fopen($path, 'w');
            fwrite($hnd, $data);
            fclose($hnd);

            if(null !== $mode) chmod($path, $mode);
        }catch(Exception $e){
            // Nothing, this is NOT normal
            unset($e);
        }
    }
}

$installMode = isset($_POST['installmode']) ? (int)$_POST['installmode'] : 0;
if( ! isset($_lang)) $_lang = array();

echo '<div class="stepcontainer">
      <ul class="progressbar">
          <li class="visited">' . $_lang['choose_language'] . '</li>
          <li class="visited">' . $_lang['installation_mode'] . '</li>
          <li class="visited">' . $_lang['optional_items'] . '</li>
          <li class="active">' . $_lang['preinstall_validation'] . '</li>
          <li>' . $_lang['install_results'] . '</li>
  </ul>
  <div class="clearleft"></div>
</div>';

echo '<h2>' . $_lang['preinstall_validation'] . '</h2>';
echo '<h3>' . $_lang['summary_setup_check'] . '</h3>';

$errors = 0;


// check PHP version
define('PHP_MIN_VERSION', '5.4.0');
$phpMinVersion = PHP_MIN_VERSION; // Maybe not necessary. For backward compatibility
echo '<p>' . $_lang['checking_php_version'];
// -1 if left is less, 0 if equal, +1 if left is higher
if (version_compare(phpversion(), PHP_MIN_VERSION) < 0) {
    $errors++;
    $tmp = $_lang['you_running_php'] . phpversion() . str_replace('[+min_version+]', PHP_MIN_VERSION, $_lang["modx_requires_php"]);
    echo '<span class="notok">' . $_lang['failed'] . '</span>' . $tmp . '</p>';
} else {
    echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
}


// check if iconv is available
echo '<p>' . $_lang['checking_iconv'];
$iconv = (int) function_exists('iconv');
if ($iconv == '0'){
    echo '<span class="notok">' . $_lang['failed'].'</span></p><p><strong>'.$_lang['checking_iconv_note'].'</strong></p>';
    $errors++;
} else {
    echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
}
// check sessions
echo '<p>' . $_lang['checking_sessions'];
if ($_SESSION['test'] != 1) {
    echo '<span class="notok">' . $_lang['failed'].  '</span></p>';
    $errors++;
} else {
    echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
}


// check directories
// cache exists?
//echo '<p>' . $_lang['checking_if_cache_exist'];
//if (!file_exists("../assets/cache") || !file_exists("../assets/cache/rss")) {
//    echo '<span class="notok">' . $_lang['failed'] . '</span></p>';
//    $errors++;
//} else {
//    echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
//}


// cache writable?
echo '<p>' . $_lang['checking_if_cache_writable'];
if (!is_writable("../assets/cache")) {
    $errors++;
    echo '<span class="notok">' . $_lang['failed'] . '</span></p>';
} else {
    echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
}


// cache files writable?
echo '<p>' . $_lang['checking_if_cache_file_writable'];
$tmp = "../assets/cache/siteCache.idx.php";
if ( ! file_exists($tmp)) {
    f_owc($tmp, "<?php //EVO site cache file ?>");
}
if ( ! is_writable($tmp)) {
    $errors++;
    echo '<span class="notok">' . $_lang['failed'] . '</span></p>';
} else {
    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


//echo '<p>'.$_lang['checking_if_cache_file2_writable'];
//if ( ! is_writable("../assets/cache/sitePublishing.idx.php")) {
//    $errors++;
//    echo '<span class="notok">'.$_lang['failed'].'</span></p>';
//} else {
//    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
//}


// File Browser directories exists?
echo '<p>'.$_lang['checking_if_images_exist'];
switch(true){
    case !file_exists("../assets/images"):
    case !file_exists("../assets/files"):
    case !file_exists("../assets/backup"):
    case !file_exists("../assets/.thumbs"):
        $errors++;
        echo '<span class="notok">'.$_lang['failed'].'</span></p>';
        break;
    default:
        echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// File Browser directories writable?
echo '<p>'.$_lang['checking_if_images_writable'];
switch(true){
    case !is_writable("../assets/images"):
    case !is_writable("../assets/files"):
    case !is_writable("../assets/backup"):
    case !is_writable("../assets/.thumbs"):
        $errors++;
        echo '<span class="notok">'.$_lang['failed'].'</span></p>';
        break;
    default:
        echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// export exists?
echo '<p>'.$_lang['checking_if_export_exists'];
if (!file_exists("../assets/export")) {
    echo '<span class="notok">'.$_lang['failed'].'</span></p>';
    $errors++;
} else {
    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// export writable?
echo '<p>'.$_lang['checking_if_export_writable'];
if (!is_writable("../assets/export")) {
    echo '<span class="notok">'.$_lang['failed'].'</span></p>';
    $errors++;
} else {
    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// config.inc.php writable?
echo '<p>'.$_lang['checking_if_config_exist_and_writable'];
$tmp = "../".MGR_DIR."/includes/config.inc.php";
if (!is_file($tmp)) {
    f_owc($tmp, "<?php //EVO configuration file ?>", 0666);
} else {
    @chmod($tmp, 0666);
}
$isWriteable = is_writable($tmp);
if (!$isWriteable) {
    $errors++;
    echo '<span class="notok">'.$_lang['failed'].'</span></p><p><strong>'.$_lang['config_permissions_note'].'</strong></p>';
} else {
    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// connect to the database
if ($installMode == 1) {
    include "../".MGR_DIR."/includes/config.inc.php";
} else {
    // get db info from post
    $database_server = $_POST['databasehost'];
    $database_user = $_SESSION['databaseloginname'];
    $database_password = $_SESSION['databaseloginpassword'];
    $database_collation = $_POST['database_collation'];
    // the charset is the part of the collation name before the first underscore
    $database_charset = substr($database_collation, 0, strpos($database_collation, '_'));
    $database_connection_charset = $_POST['database_connection_charset'];
    $database_connection_method = $_POST['database_connection_method'];
    $dbase = '`' . $_POST['database_name'] . '`';
    $table_prefix = $_POST['tableprefix'];
}
echo '<p>'.$_lang['creating_database_connection'];
$host = explode(':', $database_server, 2);
if (!$conn = mysqli_connect($host[0], $database_user, $database_password,'', isset($host[1]) ? $host[1] : null)) {
    $errors++;
    echo '<span class="notok">'.$_lang['database_connection_failed'].'</span><p />'.$_lang['database_connection_failed_note'].'</p>';
} else {
    echo '<span class="ok">'.$_lang['ok'].'</span></p>';
}


// make sure we can use the database
if ($installMode > 0 && !mysqli_query($conn, "USE {$dbase}")) {
    $errors++;
    echo '<span class="notok">'.$_lang['database_use_failed'].'</span><p />'.$_lang["database_use_failed_note"].'</p>';
}

// check the database collation if not specified in the configuration
if (!isset ($database_connection_charset) || empty ($database_connection_charset)) {
    if (!$rs = mysqli_query($conn, "show session variables like 'collation_database'")) {
        $rs = mysqli_query($conn, "show session variables like 'collation_server'");
    }
    if ($rs && $collation = mysqli_fetch_row($rs)) {
        $database_collation = $collation[1];
    }
    if (empty ($database_collation)) {
        $database_collation = 'utf8_unicode_ci';
    }
    // the charset is the part of the collation name before the first underscore
    $database_charset = substr($database_collation, 0, strpos($database_collation, '_'));
    $database_connection_charset = $database_charset;
}

// determine the database connection method if not specified in the configuration
if (!isset($database_connection_method) || empty($database_connection_method)) {
    $database_connection_method = 'SET CHARACTER SET';
}

// check table prefix
if ($conn && $installMode == 0) {
    // the prefix is request data: HTML-escape it before echoing
    echo '<p>' . $_lang['checking_table_prefix'] . htmlspecialchars($table_prefix, ENT_QUOTES, 'UTF-8') . '`: ';
    if ($rs= mysqli_query($conn, "SELECT COUNT(*) FROM $dbase.`" . $table_prefix . "site_content`")) {
        echo '<span class="notok">' . $_lang['failed'] . '</span></b>' . $_lang['table_prefix_already_inuse'] . '</p>';
        $errors++;
        echo "<p>" . $_lang['table_prefix_already_inuse_note'] . '</p>';
    } else {
        echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
    }
} elseif ($conn && $installMode == 2) {
    echo '<p>' . $_lang['checking_table_prefix'] . htmlspecialchars($table_prefix, ENT_QUOTES, 'UTF-8') . '`: ';
    if (!$rs = mysqli_query($conn, "SELECT COUNT(*) FROM $dbase.`" . $table_prefix . "site_content`")) {
        echo '<span class="notok">' . $_lang['failed'] . '</span></b>' . $_lang['table_prefix_not_exist'] . '</p>';
        $errors++;
        echo '<p>' . $_lang['table_prefix_not_exist_note'] . '</p>';
  } else {
        echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
  }
}

// check mysql version
if ($conn) {
    echo '<p>' . $_lang['checking_mysql_version'];
    if ( version_compare(mysqli_get_server_info($conn), '5.0.51', '=') ) {
        echo '<span class="notok">'  . $_lang['warning'] . '</span></b>&nbsp;&nbsp;<strong>' . $_lang['mysql_5051'] . '</strong></p>';
        echo '<p><span class="notok">' . $_lang['mysql_5051_warning'] . '</span></p>';
    } else {
        echo '<span class="ok">' . $_lang['ok'] . '</span>&nbsp;&nbsp;<strong>' . $_lang['mysql_version_is'] . mysqli_get_server_info($conn) . '</strong></p>';
    }
}

// check for strict mode
if ($conn) {
    echo '<p>'. $_lang['checking_mysql_strict_mode'];
    $mysqlmode = mysqli_query($conn, "SELECT @@global.sql_mode");
    if (mysqli_num_rows($mysqlmode) > 0){
        $modes = mysqli_fetch_array($mysqlmode, MYSQLI_NUM);
        //$modes = array("STRICT_TRANS_TABLES"); // for testing
        // print_r($modes);
        foreach ($modes as $mode) {
            if (stristr($mode, "STRICT_TRANS_TABLES") !== false || stristr($mode, "STRICT_ALL_TABLES") !== false) {
                echo '<span class="notok">' . $_lang['warning'] . '</span></b> <strong>&nbsp;&nbsp;' . $_lang['strict_mode'] . '</strong></p>';
                echo '<p><span class="notok">' . $_lang['strict_mode_error'] . '</span></p>';
            } else {
                echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
            }
        }
    } else {
        echo '<span class="ok">' . $_lang['ok'] . '</span></p>';
    }
}
// Version and strict mode check end

// andrazk 20070416 - add install flag and disable manager login
// assets/cache writable?
if (is_writable("../assets/cache")) {
    if (file_exists('../assets/cache/installProc.inc.php')) {
        @chmod('../assets/cache/installProc.inc.php', 0755);
        unlink('../assets/cache/installProc.inc.php');
    }

    f_owc("../assets/cache/installProc.inc.php", '<?php $installStartTime = '.time().'; ?>');
}

if($installMode > 0 && $_POST['installdata'] == "1") {
    echo '<p class="notes"><strong>' . $_lang['sample_web_site'] . ':</strong> ' . $_lang['sample_web_site_note'] . '</p>';
}

if ($errors > 0) {
    echo '<p>';
    echo $_lang['setup_cannot_continue'] . ' ';

    if($errors > 1){
        echo $errors . " " . $_lang['errors'] . $_lang['please_correct_errors'] . $_lang['and_try_again_plural'];
    }else{
        echo $_lang['error'] . $_lang['please_correct_error'] . $_lang['and_try_again'];
    }

    echo $_lang['visit_forum'];
    echo '</p>';
}

echo '<p>&nbsp;</p>';

$nextAction= $errors > 0 ? 'summary' : 'install';
$nextButton= $errors > 0 ? $_lang['retry'] : $_lang['install'];
$nextVisibility= $errors > 0 || isset($_POST['chkagree']) ? 'visible' : 'hidden';
$agreeToggle= $errors > 0 ? '' : ' onclick="if(document.getElementById(\'chkagree\').checked){document.getElementById(\'nextbutton\').style.visibility=\'visible\';}else{document.getElementById(\'nextbutton\').style.visibility=\'hidden\';}"';
?>
<form name="install" id="install_form" action="index.php?action=<?php echo $nextAction ?>" method="post">
  <div>
    <?php /* request data echoed into attribute values is HTML-escaped */ ?>
    <input type="hidden" value="<?php echo htmlspecialchars($install_language, ENT_QUOTES, 'UTF-8') ?>" name="language" />
    <input type="hidden" value="<?php echo htmlspecialchars($manager_language, ENT_QUOTES, 'UTF-8') ?>" name="managerlanguage" />
    <input type="hidden" value="<?php echo $installMode ?>" name="installmode" />
    <input type="hidden" value="<?php echo htmlspecialchars(trim($_POST['database_name'], '`'), ENT_QUOTES, 'UTF-8'); ?>" name="database_name" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['tableprefix'], ENT_QUOTES, 'UTF-8') ?>" name="tableprefix" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['database_collation'], ENT_QUOTES, 'UTF-8') ?>" name="database_collation" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['database_connection_charset'], ENT_QUOTES, 'UTF-8') ?>" name="database_connection_charset" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['database_connection_method'], ENT_QUOTES, 'UTF-8') ?>" name="database_connection_method" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['databasehost'], ENT_QUOTES, 'UTF-8') ?>" name="databasehost" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['cmsadmin'], ENT_QUOTES, 'UTF-8') ?>" name="cmsadmin" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['cmsadminemail'], ENT_QUOTES, 'UTF-8') ?>" name="cmsadminemail" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['cmspassword'], ENT_QUOTES, 'UTF-8') ?>" name="cmspassword" />
    <input type="hidden" value="<?php echo htmlspecialchars($_POST['cmspasswordconfirm'], ENT_QUOTES, 'UTF-8') ?>" name="cmspasswordconfirm" />

    <input type="hidden" value="1" name="options_selected" />

    <input type="hidden" value="<?php echo htmlspecialchars($_POST['installdata'], ENT_QUOTES, 'UTF-8') ?>" name="installdata" />
<?php
    $templates = isset ($_POST['template']) ? $_POST['template'] : array ();
    foreach ($templates as $i => $template) echo '<input type="hidden" name="template[]" value="'.htmlspecialchars($template, ENT_QUOTES, 'UTF-8').'" />';

    $tvs = isset ($_POST['tv']) ? $_POST['tv'] : array ();
    foreach ($tvs as $i => $tv) echo '<input type="hidden" name="tv[]" value="'.htmlspecialchars($tv, ENT_QUOTES, 'UTF-8').'" />';

    $chunks = isset ($_POST['chunk']) ? $_POST['chunk'] : array ();
    foreach ($chunks as $i => $chunk) echo '<input type="hidden" name="chunk[]" value="'.htmlspecialchars($chunk, ENT_QUOTES, 'UTF-8').'" />';

    $snippets = isset ($_POST['snippet']) ? $_POST['snippet'] : array ();
    foreach ($snippets as $i => $snippet) echo '<input type="hidden" name="snippet[]" value="'.htmlspecialchars($snippet, ENT_QUOTES, 'UTF-8').'" />';

    $plugins = isset ($_POST['plugin']) ? $_POST['plugin'] : array ();
    foreach ($plugins as $i => $plugin) echo '<input type="hidden" name="plugin[]" value="'.htmlspecialchars($plugin, ENT_QUOTES, 'UTF-8').'" />';

    $modules = isset ($_POST['module']) ? $_POST['module'] : array ();
    foreach ($modules as $i => $module) echo '<input type="hidden" name="module[]" value="'.htmlspecialchars($module, ENT_QUOTES, 'UTF-8').'" />';
?>
</div>

<h2><?php echo $_lang['agree_to_terms'];?></h2>
<p>
<input type="checkbox" value="1" id="chkagree" name="chkagree" style="line-height:18px" <?php echo isset($_POST['chkagree']) ? 'checked="checked" ':""; ?><?php echo $agreeToggle;?>/><label for="chkagree" style="display:inline;float:none;line-height:18px;"> <?php echo $_lang['iagree_box']?> </label>
</p>
    <p class="buttonlinks">
        <a href="javascript:document.getElementById('install_form').action='index.php?action=options&language=<?php echo rawurlencode($install_language) ?>';document.getElementById('install_form').submit();" class="prev" title="<?php echo $_lang['btnback_value']?>"><span><?php echo $_lang['btnback_value']?></span></a>
        <a id="nextbutton" href="javascript:document.getElementById('install_form').submit();" title="<?php echo $nextButton ?>" style="visibility:<?php echo $nextVisibility;?>"><span><?php echo $nextButton ?></span></a>
    </p>
</form>